storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
2020-01-21T21:15:16.443
2024-11-21T05:36:32.217
Modified
CVSSv3.1: 8.1 (HIGH)
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | storebackup | storebackup | ≤ 3.5 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Application | opensuse | backports_sle | 15.0 | Yes |
| Application | opensuse | backports_sle | 15.0 | Yes |
| Operating System | opensuse | leap | 15.1 | Yes |
| Operating System | canonical | ubuntu_linux | 16.04 | Yes |
| Operating System | canonical | ubuntu_linux | 18.04 | Yes |
| Operating System | canonical | ubuntu_linux | 20.04 | Yes |